Insider Threat – The Levandowski Effect
The biggest cyber security threat in 2017 is in cubicle next to you
In a recent study by IBM, reserchers found that over half of data breaches are a result of internal actors leaking sensitive data, and currently ex-engineer Anthony Levandowski is under fire for doing just that.
Levandowski, a former technology lead for Alphabet, Google’s parent company, and creators of the self-driving car Waymo, is currently in the technological legal battle of his life. The American engineer is accused of lifting approximately 14,000 internal files related to the self-driving technology before founding autonomous trucking company Otto. He’s also suspected of downloading thousands of documents from Alphabet’s LiDAR design prior to his abrupt resignation, after Otto was acquired by Uber last year in a $680 million deal. The kicker? Levandowski is alleged to have received $250 million in shares from Uber, the DAY AFTER he cut ties with Alphabet.
Uber maintains that no intellectual property obtained from Waymo or the LiDAR design ever penetrated their network. However a federal judge ordered the cease of any and all work by Levandowski on LIDAR (a key self-driving technology, that uses light in the form of a pulsed laser to measure variable distances to the Earth.) Uber has since served Levandowski with an ultimatum: hand over the files or hit the road.
Who should I look out for?
Most of the time threats fall into 3 catagories
Unintentional – Usually involves a “negligent Nancy” who triple clicks. If hackers are phishing, she’s biting, unwittingly of course, but nevertheless putting sensitive data and business value at risk. Often under-trained and unaware of potential threats.
Unknowing – for example a partner or supplier that unknowingly passes on sensitive information either through email, mail, or verbal communication.
Malicious – fully aware that their misuse or exploitation of data will result in harm to the business. Malicious motivating factors include profit, sabotage, fraud or to cause intentional harm to the business.
4 things to take away from the Levandowski Breach
Implement an Insider Threat Policy
Implement a strong security policy or plan of action. Preventative actions should be taken to plan and prepare for any and all potential breaches. Set guidelines for best practice when dealing with sensitive information within the office.
You don’t know what you don’t know. Once a policy is in place, employees must be trained and retrained. Educating staff on malware, phishing scams and general data protection can combat many internal data breaches.
Develop a system of checks and balances. Gone are the days of the IT department having sole responsibility for cyber security. Cultivate strong cross-departmental communication. Often Human Resources may be the first to spot potential threatening behavior. Monitor “at-risk” employees to a greater degree.
With Panthera Technologies’s email encryption platform, we can ensure that all the protected information you send finds only its intended target. Our solutions prevent accidental exposure of healthcare information, credit card information, social security numbers and other financial and personal data.